IETF-SSH archive


RE: Authenticated cipher modes



[Sara Golemon]
> Given that method renegotiation is apparently part of the 
> spec, I'd be inclined to ask: "So why not use it for this 
> ciphers containing data integrity issue?"  It seems like a 
> much more straightforward approach than adding per-cipher 
> specific logic to the method selection criteria.

The per-cipher specific logic in this case would be very simple (requiring
only very local code change), efficient in terms of additional roundtrips
(none required), and compatible with the installed base (special rules for
helix are orthogonal to rules currently in use), whereas the proposal to use
renegotiation for this purpose is complex (key re-exchange is like turning a
bus on a highway), inefficient (requires many additional roundtrips for
something that could be done without any), and not necessarily compatible
with the installed base (though key re-exchange is required, not all
implementations support it).

I therefore think that harnessing key re-exchange for this purpose would be
a very bad decision.





